Online sites engage in different practices with respect to consent for collection of personally identifiable information. It is important for library users to read privacy policies before they provide personally identifiable information online and, if necessary, to exercise their right to say no to a particular use of their personally identifiable information. In general, most web sites rely on one of two methods for allowing users to exercise their right to object to a specified use of personally identifiable information known as “opt-in” and “opt-out.” This message discusses the difference between these methods of obtaining consent for the collection of consumers’ personally identifiable information online.
What is Opt-In?
When a company uses opt-in marketing, the consumer must affirmatively give the company permission to send information about new products or sales, or to share the consumer’s information with other companies in a business relationship with the company where that consumer has an opt-in agreement. Generally, a consumer must click on website boxes or send an e-mail request to the company or its affiliates in order to authorize consumer e-mail.
What is Opt-Out?
When a company uses opt-out marketing, the company privacy policy indicates that the consumer is presumed to want information about sales or new products, and will be sent such information unless the consumer “opts out” of receiving it. Consumers may also be given the option to opt-out of allowing a company to share the consumer’s information with affiliated companies or third parties. Some companies make opting out very simple, using a similar click-box system that other companies use for opt-in agreements, only leaving the default setting as “yes, you may send me information.” Others make it difficult, requiring regular mail or a phone call to remove a person from a marketing list.
Business groups, for the most part, tend to prefer the opt-out approach because it is easier to capture consumer information. For most businesses, the sharing, selling, or trading of personally identifiable information beyond the original transaction is part of a business strategy. On the other hand, this approach may pose a dilemma for consumers who either may not be aware of this practice, or who may not wish to participate.